Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump com.unboundid:unboundid-ldapsdk from 7.0.1 to 7.0.2 #44928

Merged
merged 1 commit into from
Dec 5, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 4, 2024

Bumps com.unboundid:unboundid-ldapsdk from 7.0.1 to 7.0.2.

Release notes

Sourced from com.unboundid:unboundid-ldapsdk's releases.

UnboundID LDAP SDK for Java 7.0.2

We have just released version 7.0.2 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for this release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

  • We added support for using the 2.x version of the Bouncy Castle FIPS-compliant security provider, which provides support for FIPS 140-3 compliance. The 1.x version of the library, offering FIPS 140-2 compliance, is still supported. To use the LDAP SDK in this mode, you should ensure that the necessary jar files are in the classpath, and then you should call CryptoHelper.setUseFIPSMode("BCFIPS2") as early as possible in the life of the application.

  • We added a new PropertyManager class that can be used to retrieve the value of specified properties using either system properties or environment variables. Values can be optionally parsed as Booleans, numbers, or comma-delimited lists. Most uses of system properties within the LDAP SDK have been updated to support the new PropertyManager mechanism so that it’s possible to set values as environment variables as an alternative to system properties.

  • We fixed a bug in the SSLUtil.certificateToString method that prevented it from including the notBefore and notAfter timestamps in the string representation.

  • We added client-side support for the Ping Identity Directory Server’s new to-be-deleted accessibility state for use with the get subtree accessibility and set subtree accessibility extended operations.

  • We updated the MoveSubtree utility class to provide the ability to use the new to-be-deleted accessibility state (as an alternative to the hidden state) for the target subtree before starting to remove entries from the source server.

  • We added a new SubtreeAccessibilityState.isMoreRestrictiveThan method that can be used to determine whether one accessibility state is considered more restrictive than another.

  • Updated the documentation to include the latest versions of the following LDAP-related specifications:

    • draft-coretta-ldap-subnf-01
    • draft-coretta-oiddir-radit
    • draft-coretta-oiddir-radsa
    • draft-coretta-oiddir-radua
    • draft-coretta-oiddir-roadmap
    • draft-coretta-oiddir-schema
    • draft-ietf-kitten-scram-2fa
    • draft-melnikov-sasl2
    • draft-melnikov-scram-bis
    • draft-melnikov-scram-sha-512
    • draft-melnikov-scram-sha3-512
Changelog

Sourced from com.unboundid:unboundid-ldapsdk's changelog.

          <div align="right">

${TARGET="offline"} LDAP SDK Home Page ${TARGET="offline"} Product Information

          <h2>Release Notes</h2>
      &lt;h3&gt;Version 7.0.2&lt;/h3&gt;
  &amp;lt;p&amp;gt;
    The following changes were made between the 7.0.1 and 7.0.2 releases:
  &amp;lt;/p&amp;gt;

  &amp;lt;ul&amp;gt;
    &amp;lt;li&amp;gt;
      Added support for using the 2.x version of the Bouncy Castle FIPS-compliant
      security provider, which offers support for FIPS 140-3 compliance.  Previously,
      the LDAP SDK only supported the 1.x version of the library, which offers FIPS
      140-2 compliance.  The necessary jar files must already be in the CLASSPATH.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Added a new PropertyManager class that can be used to retrieve the values of
      system properties or environment variables, optionally parsing the values as
      Booleans, numbers, or comma-delimited lists.  Most uses of system properties
      within the LDAP SDK have been updated to use the PropertyManager, so those
      properties can now be set as environment variables as an alternative to Java
      system properties.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Fixed a bug in the SSLUtil.certificateToString method that prevented it from
      including notBefore and notAfter timestamp values in the resulting string
      representation of the provided certificate.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Updated client-side support for the Ping Identity Directory Server's get subtree
      accessibility and set subtree accessibility extended operations to include a new
      to-be-deleted accessibility state.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

    &amp;lt;li&amp;gt;
      Updated the MoveSubtree utility class to provide an option to use the new
      to-be-deleted subtree accessibility state when removing entries from the source

... (truncated)

Commits
  • d3320e6 Allow to-be-deleted state in MoveSubtree
  • 7dfba2b Update the OID registry
  • 0c84638 Add accessibility state isMoreRestrictiveThan
  • 7e722bf Add a to-be-deleted subtree accessibility state
  • e861c63 Fix an issue with loading the BC JSSE provider
  • 8da9461 Add a method for getting FIPS provider name
  • 61b1268 Add methods for getting FIPS provider by version
  • 6c67fec Fix a bug in SSLUtil.certificateToString
  • 4906e7d Add support for BCFIPS2
  • 88de3f0 Update to draft-coretta-ldap-subnf-02
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/pingidentity/ldapsdk/releases)
- [Changelog](https://github.com/pingidentity/ldapsdk/blob/master/docs/release-notes.html)
- [Commits](pingidentity/ldapsdk@7.0.1...7.0.2)

---
updated-dependencies:
- dependency-name: com.unboundid:unboundid-ldapsdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the area/dependencies Pull requests that update a dependency file label Dec 4, 2024
@quarkus-bot quarkus-bot bot added the area/securepipeline issues related to ensure Quarkus can be used in a secure pipeline setups like FIPS or similar label Dec 4, 2024
Copy link

quarkus-bot bot commented Dec 4, 2024

/cc @Karm (securepipeline), @jerboaa (securepipeline)

Copy link

quarkus-bot bot commented Dec 5, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit e5a67e5.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

@gsmet gsmet merged commit d23a2bf into main Dec 5, 2024
52 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.18 - main milestone Dec 5, 2024
@dependabot dependabot bot deleted the dependabot/maven/com.unboundid-unboundid-ldapsdk-7.0.2 branch December 5, 2024 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/dependencies Pull requests that update a dependency file area/securepipeline issues related to ensure Quarkus can be used in a secure pipeline setups like FIPS or similar kind/component-upgrade
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant